HCL Commerce Version 9.1.19.0

HCL Commerce 9.1.19.0

HCL Commerce 9.1.19.0 is a feature (mod pack) release for HCL Commerce Version 9.1.

  • HCL Commerce 9.1.19.0 was released on December 12, 2025.

For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.

Security updates

HCL Commerce 9.1.19.0 contains the following security-related fixes.
Affected software CVE(s) Vulnerability

WebSphere Application Server, WebSphere Application Server Liberty, IBM HTTP Server and IBM Java SDK

included in:

HCL Commerce 9.1.0 - 9.1.18.2

 CVE-2025-48976, CVE-2025-33142, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2020-36732, CVE-2025-53066, CVE-2025-53057, CVE-2025-30754 Multiple vulnerabilities in various IBM products affect HCL Commerce

HCL Commerce 9.1.0.0 - 9.1.18.2

 CVE-2025-48989, CVE-2025-7962, CVE-2025-55163, CVE-2025-64718, CVE-2025-58057 Multiple vulnerabilities in open source components affect HCL Commerce
Important: Non-applicable vulnerabilities are security vulnerabilities related to HCL Commerce and its companion or co-requisite software that the HCL Commerce team has determined require no action, as they do not impact HCL Commerce deployments.

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Search
Performance improvements
Optimizing the internal response data payload from Elasticsearch led to a potential reduction in CPU usage, particularly in search results containing a large number of facetable and searchable attributes.
Improved LISTAGG related logic handling when ingesting data into Elasticsearch through NiFi. It is now optional to use the flow.database.listagg (defaulted to true) to disable the use of the database listagg operation.
Learn more...
Request Level Trace in Ingest service
Enabled Request Level Trace in Ingest service. The same request-level trace instructions used for the Query service can now be applied when calling the Ingest service.
Learn more...
Store
One page checkout
The One page checkout feature displays all necessary checkout steps on a single, scrollable page, simplifying the order placement process.
Learn more...
Accessibility
Accessibility features help a user who has a physical disability, such as a visual impairment, hearing impairment, or limited mobility, to use software products successfully. The Ruby storefront now complies with WCAG 2.2 Level A and Level AA accessibility standards.
Learn more...
Tools
Angular version update
Angular is upgraded from version 18 to version 19.2.14. This upgrade might impact a customized Commerce Management Center. See the commerce-tooling/package.json file within the Tooling SDK for information regarding exact version levels. To download the Tooling SDK, see Downloading HCL Commerce software.
Email template
Users can create new and configure existing email templates and their configurations using the Management Center for HCL Commerce.

Learn more...

Managing email template configuration
HCL Commerce introduces the ability for users to fully manage email templates configuration, allowing them to create entirely new configuration and update existing ones.

Learn more...

Message type
The Message Types tool has been altered to leverage the changes to the APIs. Specifically, the tooling leverages the translatable meta data to determine which properties are translatable. If the property is translatable, then multiple translations of the value can be input using the Message Types tool.

Learn more...

Defect fixes

See HCL Commerce 9.1.19.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.

Supported software

HCL Commerce9.1.19.0 has been tested with the following companion software. The icon highlights software updates for version 9.1.19.0.

Commerce Companion software Database Browsers
HCL Commerce Version 9.1.19.0
  • WebSphere Application Server 9.0.5.25+ IFPH67817 + IFPH68418
  • WebSphere Application Server V8.5.5 Liberty V8.5.5 Liberty 25.0.0.9 + IFPH67833 + IFPH68424
  • IBM SDK, Java Technology Edition, Version 8.0.8.55
  • IBM HTTP Server 9.0.5.25
  • IBM Installation Manager 1.10.1.3
  • Elasticsearch
    • x86-647.17.28
    • Power7.17.28
  • NiFi 1.28.1
  • NiFi Registry 1.28.1
  • CoreNLP 4.5.9
  • Solr
    • Solr 7.3
    • Solr 9.7
  • ZooKeeper
    • x86-643.9.3
    • Power3.9.3
  • Redis
    • x86-648.2.1
    • Power7.4.2-bv
  • Reddison 3.45.0
  • Vault 1.14.8
  • Kubernetes 1.30 to 1.32
  • Helm 3.17.x
  • Solr-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 19c
  • Approval server
    • x86-64PostgreSQL 14.13
    • PowerPostgreSQL 14.13
  • Management Center for HCL Commerce
    • Edge 20+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+